To Combat Firesheep, Microsoft’s Bing Looking Into SSL

Microsoft’s Bing is looking into SSL and other privacy
settings for the next version of their search engine. Currently the site strips
SSL when forced into HTTPS and in turn, brings up an advisory on browsers signaling
an unsafe connection.

Introduced at Toorcon, the Firefox extension allows
attackers to capture site cookies from users on unsecured wireless networks and
browse under their logon.

Microsoft’s Bing is looking into SSL and other privacy
settings for the next version of their search engine. Currently the site strips
SSL when forced into HTTPS and in turn, brings up an advisory on browsers signaling
an unsafe connection.

Introduced at Toorcon, the Firefox extension allows
attackers to capture site cookies from users on unsecured wireless networks and
browse under their logon.

With the advent of Firesheep and subsequently, its surge of recently
converted hackers, HTTP session hijacking is becoming more and more of a
concern. Sites like Bing will have to adopt suitable security techniques to
contend with the extensions’ further proliferation.  

Firefox 4, scheduled for release by the end of the year will
help. As
reported in August
, the browser will receive HTTP Strict Transport
Security, ensuring the browser always requests a safe HTTPS session from sites.
However If sites like Bing don’t implement SSL into sites, the lack of full-end
encryption will still be a problem and HTTPS won’t even be an option.

Network
World has more on this story.


Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.